Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into 1808-pleroma-sucks

lib/pleroma/web/admin_api/controllers/admin_api_controller.ex

@@ -98,13 +98,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   plug(
     OAuthScopesPlug,
     %{scopes: ["read:statuses"], admin: true}
-    when action in [:list_statuses, :list_user_statuses, :list_instance_statuses, :status_show]
-  )
-
-  plug(
-    OAuthScopesPlug,
-    %{scopes: ["write:statuses"], admin: true}
-    when action in [:status_update, :status_delete]
+    when action in [:list_user_statuses, :list_instance_statuses]
   )
 
   plug(
@@ -136,7 +130,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
          ]
   )
 
-  action_fallback(:errors)
+  action_fallback(AdminAPI.FallbackController)
 
   def user_delete(conn, %{"nickname" => nickname}) do
     user_delete(conn, %{"nicknames" => [nickname]})
@@ -597,16 +591,10 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
       json_response(conn, :no_content, "")
     else
       {:registrations_open, _} ->
-        errors(
-          conn,
-          {:error, "To send invites you need to set the `registrations_open` option to false."}
-        )
+        {:error, "To send invites you need to set the `registrations_open` option to false."}
 
       {:invites_enabled, _} ->
-        errors(
-          conn,
-          {:error, "To send invites you need to set the `invites_enabled` option to true."}
-        )
+        {:error, "To send invites you need to set the `invites_enabled` option to true."}
     end
   end
 
@@ -814,71 +802,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     end
   end
 
-  def list_statuses(%{assigns: %{user: _admin}} = conn, params) do
-    godmode = params["godmode"] == "true" || params["godmode"] == true
-    local_only = params["local_only"] == "true" || params["local_only"] == true
-    with_reblogs = params["with_reblogs"] == "true" || params["with_reblogs"] == true
-    {page, page_size} = page_params(params)
-
-    activities =
-      ActivityPub.fetch_statuses(nil, %{
-        "godmode" => godmode,
-        "local_only" => local_only,
-        "limit" => page_size,
-        "offset" => (page - 1) * page_size,
-        "exclude_reblogs" => !with_reblogs && "true"
-      })
-
-    conn
-    |> put_view(AdminAPI.StatusView)
-    |> render("index.json", %{activities: activities, as: :activity})
-  end
-
-  def status_show(conn, %{"id" => id}) do
-    with %Activity{} = activity <- Activity.get_by_id(id) do
-      conn
-      |> put_view(MastodonAPI.StatusView)
-      |> render("show.json", %{activity: activity})
-    else
-      _ -> errors(conn, {:error, :not_found})
-    end
-  end
-
-  def status_update(%{assigns: %{user: admin}} = conn, %{"id" => id} = params) do
-    params =
-      params
-      |> Map.take(["sensitive", "visibility"])
-      |> Map.new(fn {key, value} -> {String.to_existing_atom(key), value} end)
-
-    with {:ok, activity} <- CommonAPI.update_activity_scope(id, params) do
-      {:ok, sensitive} = Ecto.Type.cast(:boolean, params[:sensitive])
-
-      ModerationLog.insert_log(%{
-        action: "status_update",
-        actor: admin,
-        subject: activity,
-        sensitive: sensitive,
-        visibility: params[:visibility]
-      })
-
-      conn
-      |> put_view(MastodonAPI.StatusView)
-      |> render("show.json", %{activity: activity})
-    end
-  end
-
-  def status_delete(%{assigns: %{user: user}} = conn, %{"id" => id}) do
-    with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
-      ModerationLog.insert_log(%{
-        action: "status_delete",
-        actor: user,
-        subject_id: id
-      })
-
-      json(conn, %{})
-    end
-  end
-
   def list_log(conn, params) do
     {page, page_size} = page_params(params)
 
@@ -904,7 +827,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   end
 
   def config_show(conn, %{"only_db" => true}) do
-    with :ok <- configurable_from_database(conn) do
+    with :ok <- configurable_from_database() do
       configs = Pleroma.Repo.all(ConfigDB)
 
       conn
@@ -914,7 +837,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   end
 
   def config_show(conn, _params) do
-    with :ok <- configurable_from_database(conn) do
+    with :ok <- configurable_from_database() do
       configs = ConfigDB.get_all_as_keyword()
 
       merged =
@@ -953,7 +876,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   end
 
   def config_update(conn, %{"configs" => configs}) do
-    with :ok <- configurable_from_database(conn) do
+    with :ok <- configurable_from_database() do
       {_errors, results} =
         configs
         |> Enum.filter(&whitelisted_config?/1)
@@ -997,7 +920,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   end
 
   def restart(conn, _params) do
-    with :ok <- configurable_from_database(conn) do
+    with :ok <- configurable_from_database() do
       Restarter.Pleroma.restart(Config.get(:env), 50)
 
       json(conn, %{})
@@ -1008,14 +931,11 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     json(conn, %{need_reboot: Restarter.Pleroma.need_reboot?()})
   end
 
-  defp configurable_from_database(conn) do
+  defp configurable_from_database do
     if Config.get(:configurable_from_database) do
       :ok
     else
-      errors(
-        conn,
-        {:error, "To use this endpoint you need to enable configuration from database."}
-      )
+      {:error, "To use this endpoint you need to enable configuration from database."}
     end
   end
 
@@ -1159,30 +1079,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
     |> json(%{"status_visibility" => count})
   end
 
-  defp errors(conn, {:error, :not_found}) do
-    conn
-    |> put_status(:not_found)
-    |> json(dgettext("errors", "Not found"))
-  end
-
-  defp errors(conn, {:error, reason}) do
-    conn
-    |> put_status(:bad_request)
-    |> json(reason)
-  end
-
-  defp errors(conn, {:param_cast, _}) do
-    conn
-    |> put_status(:bad_request)
-    |> json(dgettext("errors", "Invalid parameters"))
-  end
-
-  defp errors(conn, _) do
-    conn
-    |> put_status(:internal_server_error)
-    |> json(dgettext("errors", "Something went wrong"))
-  end
-
   defp page_params(params) do
     {get_page(params["page"]), get_page_size(params["page_size"])}
   end

lib/pleroma/web/admin_api/controllers/fallback_controller.ex

@@ -0,0 +1,31 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.FallbackController do
+  use Pleroma.Web, :controller
+
+  def call(conn, {:error, :not_found}) do
+    conn
+    |> put_status(:not_found)
+    |> json(%{error: dgettext("errors", "Not found")})
+  end
+
+  def call(conn, {:error, reason}) do
+    conn
+    |> put_status(:bad_request)
+    |> json(%{error: reason})
+  end
+
+  def call(conn, {:param_cast, _}) do
+    conn
+    |> put_status(:bad_request)
+    |> json(dgettext("errors", "Invalid parameters"))
+  end
+
+  def call(conn, _) do
+    conn
+    |> put_status(:internal_server_error)
+    |> json(%{error: dgettext("errors", "Something went wrong")})
+  end
+end

lib/pleroma/web/admin_api/controllers/status_controller.ex

@@ -0,0 +1,79 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.AdminAPI.StatusController do
+  use Pleroma.Web, :controller
+
+  alias Pleroma.Activity
+  alias Pleroma.ModerationLog
+  alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.MastodonAPI
+
+  require Logger
+
+  plug(Pleroma.Web.ApiSpec.CastAndValidate)
+  plug(OAuthScopesPlug, %{scopes: ["read:statuses"], admin: true} when action in [:index, :show])
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:statuses"], admin: true} when action in [:update, :delete]
+  )
+
+  action_fallback(Pleroma.Web.AdminAPI.FallbackController)
+
+  defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.StatusOperation
+
+  def index(%{assigns: %{user: _admin}} = conn, params) do
+    activities =
+      ActivityPub.fetch_statuses(nil, %{
+        "godmode" => params.godmode,
+        "local_only" => params.local_only,
+        "limit" => params.page_size,
+        "offset" => (params.page - 1) * params.page_size,
+        "exclude_reblogs" => not params.with_reblogs
+      })
+
+    render(conn, "index.json", activities: activities, as: :activity)
+  end
+
+  def show(conn, %{id: id}) do
+    with %Activity{} = activity <- Activity.get_by_id(id) do
+      conn
+      |> put_view(MastodonAPI.StatusView)
+      |> render("show.json", %{activity: activity})
+    else
+      nil -> {:error, :not_found}
+    end
+  end
+
+  def update(%{assigns: %{user: admin}, body_params: params} = conn, %{id: id}) do
+    with {:ok, activity} <- CommonAPI.update_activity_scope(id, params) do
+      ModerationLog.insert_log(%{
+        action: "status_update",
+        actor: admin,
+        subject: activity,
+        sensitive: params[:sensitive],
+        visibility: params[:visibility]
+      })
+
+      conn
+      |> put_view(MastodonAPI.StatusView)
+      |> render("show.json", %{activity: activity})
+    end
+  end
+
+  def delete(%{assigns: %{user: user}} = conn, %{id: id}) do
+    with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
+      ModerationLog.insert_log(%{
+        action: "status_delete",
+        actor: user,
+        subject_id: id
+      })
+
+      json(conn, %{})
+    end
+  end
+end

lib/pleroma/web/api_spec/operations/admin/status_operation.ex

@@ -0,0 +1,165 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.ApiSpec.Admin.StatusOperation do
+  alias OpenApiSpex.Operation
+  alias OpenApiSpex.Schema
+  alias Pleroma.Web.ApiSpec.Schemas.Account
+  alias Pleroma.Web.ApiSpec.Schemas.ApiError
+  alias Pleroma.Web.ApiSpec.Schemas.FlakeID
+  alias Pleroma.Web.ApiSpec.Schemas.Status
+  alias Pleroma.Web.ApiSpec.Schemas.VisibilityScope
+
+  import Pleroma.Web.ApiSpec.Helpers
+  import Pleroma.Web.ApiSpec.StatusOperation, only: [id_param: 0]
+
+  def open_api_operation(action) do
+    operation = String.to_existing_atom("#{action}_operation")
+    apply(__MODULE__, operation, [])
+  end
+
+  def index_operation do
+    %Operation{
+      tags: ["Admin", "Statuses"],
+      operationId: "AdminAPI.StatusController.index",
+      security: [%{"oAuth" => ["read:statuses"]}],
+      parameters: [
+        Operation.parameter(
+          :godmode,
+          :query,
+          %Schema{type: :boolean, default: false},
+          "Allows to see private statuses"
+        ),
+        Operation.parameter(
+          :local_only,
+          :query,
+          %Schema{type: :boolean, default: false},
+          "Excludes remote statuses"
+        ),
+        Operation.parameter(
+          :with_reblogs,
+          :query,
+          %Schema{type: :boolean, default: false},
+          "Allows to see reblogs"
+        ),
+        Operation.parameter(
+          :page,
+          :query,
+          %Schema{type: :integer, default: 1},
+          "Page"
+        ),
+        Operation.parameter(
+          :page_size,
+          :query,
+          %Schema{type: :integer, default: 50},
+          "Number of statuses to return"
+        )
+      ],
+      responses: %{
+        200 =>
+          Operation.response("Array of statuses", "application/json", %Schema{
+            type: :array,
+            items: status()
+          })
+      }
+    }
+  end
+
+  def show_operation do
+    %Operation{
+      tags: ["Admin", "Statuses"],
+      summary: "Show Status",
+      operationId: "AdminAPI.StatusController.show",
+      parameters: [id_param()],
+      security: [%{"oAuth" => ["read:statuses"]}],
+      responses: %{
+        200 => Operation.response("Status", "application/json", Status),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  def update_operation do
+    %Operation{
+      tags: ["Admin", "Statuses"],
+      summary: "Change the scope of an individual reported status",
+      operationId: "AdminAPI.StatusController.update",
+      parameters: [id_param()],
+      security: [%{"oAuth" => ["write:statuses"]}],
+      requestBody: request_body("Parameters", update_request(), required: true),
+      responses: %{
+        200 => Operation.response("Status", "application/json", Status),
+        400 => Operation.response("Error", "application/json", ApiError)
+      }
+    }
+  end
+
+  def delete_operation do
+    %Operation{
+      tags: ["Admin", "Statuses"],
+      summary: "Delete an individual reported status",
+      operationId: "AdminAPI.StatusController.delete",
+      parameters: [id_param()],
+      security: [%{"oAuth" => ["write:statuses"]}],
+      responses: %{
+        200 => empty_object_response(),
+        404 => Operation.response("Not Found", "application/json", ApiError)
+      }
+    }
+  end
+
+  defp status do
+    %Schema{
+      anyOf: [
+        Status,
+        %Schema{
+          type: :object,
+          properties: %{
+            account: %Schema{allOf: [Account, admin_account()]}
+          }
+        }
+      ]
+    }
+  end
+
+  defp admin_account do
+    %Schema{
+      type: :object,
+      properties: %{
+        id: FlakeID,
+        avatar: %Schema{type: :string},
+        nickname: %Schema{type: :string},
+        display_name: %Schema{type: :string},
+        deactivated: %Schema{type: :boolean},
+        local: %Schema{type: :boolean},
+        roles: %Schema{
+          type: :object,
+          properties: %{
+            admin: %Schema{type: :boolean},
+            moderator: %Schema{type: :boolean}
+          }
+        },
+        tags: %Schema{type: :string},
+        confirmation_pending: %Schema{type: :string}
+      }
+    }
+  end
+
+  defp update_request do
+    %Schema{
+      type: :object,
+      properties: %{
+        sensitive: %Schema{
+          type: :boolean,
+          description: "Mark status and attached media as sensitive?"
+        },
+        visibility: VisibilityScope
+      },
+      example: %{
+        "visibility" => "private",
+        "sensitive" => "false"
+      }
+    }
+  end
+end

lib/pleroma/web/api_spec/operations/status_operation.ex

@@ -487,7 +487,7 @@ defmodule Pleroma.Web.ApiSpec.StatusOperation do
     }
   end
 
-  defp id_param do
+  def id_param do
     Operation.parameter(:id, :path, FlakeID, "Status ID",
       example: "9umDrYheeY451cQnEe",
       required: true

lib/pleroma/web/router.ex

@@ -189,10 +189,10 @@ defmodule Pleroma.Web.Router do
     post("/reports/:id/notes", AdminAPIController, :report_notes_create)
     delete("/reports/:report_id/notes/:id", AdminAPIController, :report_notes_delete)
 
-    get("/statuses/:id", AdminAPIController, :status_show)
-    put("/statuses/:id", AdminAPIController, :status_update)
-    delete("/statuses/:id", AdminAPIController, :status_delete)
-    get("/statuses", AdminAPIController, :list_statuses)
+    get("/statuses/:id", StatusController, :show)
+    put("/statuses/:id", StatusController, :update)
+    delete("/statuses/:id", StatusController, :delete)
+    get("/statuses", StatusController, :index)
 
     get("/config", AdminAPIController, :config_show)
     post("/config", AdminAPIController, :config_update)